Topics

Featured in Development

Peter Alvaro talks about the reasons one should engage in language design and why many of us would (or should) do something so perverse as to design a language that no one will ever use. He shares some of the extreme and sometimes obnoxious opinions that guided his design process.

Featured in AI, ML & Data Engineering

Today on The InfoQ Podcast, Wes talks with Katharine Jarmul about privacy and fairness in machine learning algorithms. Jarul discusses what’s meant by Ethical Machine Learning and some things to consider when working towards achieving fairness. Jarmul is the co-founder at KIProtect a machine learning security and privacy firm based in Germany and is one of the three keynote speakers at QCon.ai.

Featured in Culture & Methods

Organizations struggle to scale their agility. While every organization is different, common patterns explain the major challenges that most organizations face: organizational design, trying to copy others, “one-size-fits-all” scaling, scaling in siloes, and neglecting engineering practices. This article explains why, what to do about it, and how the three leading scaling frameworks compare.

ASP.NET Core 3.0 Projects Go on a Diet

New ASP.NET Core projects use an omnibus package called the Microsoft.AspNetCore.App. Also known as the "ASP.NET Core Shared Framework", the basic idea behind this package is it includes all the things a typical application would need. But if you look at the dependencies for this package, the definition of "need" appears to be rather loose.

Currently Microsoft.AspNetCore.App has 150 explicitly listed dependencies, up from 144 seven months ago. Among these you'll find nine different authentication provider packages.

Cookies

Facebook

Google

JwtBearer

Microsoft Account

OAuth

OpenIdConnect

Twitter

WsFederation

You'll also find eight packages for supporting Entity Framework Core with SQL Server, a SQL Server caching library, an EF Core package for diagnostics, an EF Core package for identity, and many more.

From the list of 150 dependencies, 31 are slated to be removed from ASP.NET Core 3.0's Shared Framework for violating the new inclusion criteria because they:

(1) have dependencies on 3rd party code that we have no ability to service

(2) the assemblies themselves are being deprecated in 3.0

(3) they implement protocols or auth mechanism which are highly subject to change (for instance, Facebook/Google/Twitter could decide tomorrow to change the way auth works)

We added too many things in 2.0, and we are re-adjusting back to what we believe is a maintainable set of things for the foreseeable road ahead. Most of the assemblies removed from Microsoft.AspNetCore.App will still be offered as NuGet packages. If we were to find later that 90% of all customers reference the same package, that's a good candidate for the shared framework. As mentioned in the guidance doc, however, how much an API is used is an important metric, but not the only factor we consider.

How does this affect current projects?

If you decide to upgrade to ASP.NET Core 3.0, your application will break if you are using any of the packages excluded from the Shared Framework. However, the fix is to simply manually add the excluded packages to your project as you would any other Nuget style dependency.

What packages do I actually need?

The answer to that question varies depending on what your application actually does. But if we were to consider just a simple REST server, then you only need to directly reference three packages:

Microsoft.AspNetCore

Microsoft.AspNetCore.Mvc

Microsoft.AspNetCore.HttpsPolicy

The first of these, Microsoft.AspNetCore, has 18 direct dependencies. Mvc adds 13 dependencies of its own and HttpsPolicy adds five more. This count doesn't include overlap or indirect dependencies, but still reflects a much smaller and more easily managed set of dependencies.